From c8faacd4e9e8d4f253285a650b76c07182b54e20 Mon Sep 17 00:00:00 2001 From: Paul RASCLE Date: Thu, 5 Sep 2019 10:56:08 +0200 Subject: [PATCH] In progress: get ip address on default interface (for instance eth0) to limit listening on this interface. (Requested for cyber security improvement). This modification is difficult to test on all configurations, so please provide information on the not working configurations, to build something more robust if needed. --- bin/ORBConfigFile.py | 7 +++++++ bin/nameserver.py | 10 +++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/bin/ORBConfigFile.py b/bin/ORBConfigFile.py index c51187d1d..ba06cebe1 100755 --- a/bin/ORBConfigFile.py +++ b/bin/ORBConfigFile.py @@ -56,6 +56,11 @@ def writeORBConfigFile(path, host, port, kwargs={}): from omniORB import CORBA prefix = "" if CORBA.ORB_ID == "omniORB4" else "ORB" + + from subprocess import check_output + ips = check_output(['hostname', '--all-ip-addresses']) + # get ip address on default interface (for instance eth0) to limit listening on this interface (cyber security request) + ipDefault = ips.split()[0].decode() GIOP_MaxMsgSize = 2097152000 # 2 GBytes @@ -65,6 +70,8 @@ def writeORBConfigFile(path, host, port, kwargs={}): orbdata.append("%straceLevel = 0 # critical errors only"%(prefix)) orbdata.append("%smaxGIOPConnectionPerServer = 500 # to allow containers parallel launch"%(prefix)) orbdata.append("%snativeCharCodeSet = UTF-8"%(prefix)) + orbdata.append("%sendPoint = giop:tcp:127.0.0.1:%s"%(prefix,'')) + orbdata.append("%sendPoint = giop:tcp:%s:%s"%(prefix, ipDefault,'')) orbdata.append("") with open(omniorb_config, "w") as f: diff --git a/bin/nameserver.py b/bin/nameserver.py index e20cd2f9c..257969892 100644 --- a/bin/nameserver.py +++ b/bin/nameserver.py 
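Review bot: `ips.split()[0]` in the first bin/ORBConfigFile.py hunk takes whichever address `hostname --all-ip-addresses` prints first, and the hostname man page says not to assume any order in that output. On a host with a VPN, a container bridge or a second NIC, the ORB may therefore be bound to an interface other than the "default" one the comment names. The same line raises IndexError when no non-loopback address is configured, and `check_output` raises where `hostname` does not accept this option; nothing visible in the hunk guards either case. Consider splitting into `addrs = ips.split()`, falling back to the loopback-only endpoint when it is empty or the call fails, and logging the chosen address so the exposed interface can be audited. The identical lookup is repeated in the bin/nameserver.py hunk, and the body of writeORBConfigFile continues outside this hunk.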
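Review bot: The two `endPoint` lines added in the second bin/ORBConfigFile.py hunk pass `''` through a trailing `%s` for the port, and nothing in the code or the generated file says the empty port is deliberate. Presumably it lets omniORB choose a free port, but that should be confirmed and stated. Writing the format as `"%sendPoint = giop:tcp:127.0.0.1:"%(prefix)` makes the intent visible. A trailing `# restrict listening to loopback and one interface` in the emitted text would match the commented style of the neighbouring `traceLevel` and `maxGIOPConnectionPerServer` entries. As far as the hunk shows, the function's `host` and `port` arguments play no part in these endpoints, which is worth a line in the function's documentation.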
@@ -87,9 +87,13 @@ class NamingServer(Server): self.CMD = ['omniNames', '-start' , aPort , '-nohostname', '-logdir' , os.path.realpath(upath), '-errlog', os.path.realpath(os.path.join(upath,'omniNameErrors.log'))] #os.system("start omniNames -start " + aPort + " -logdir " + upath) else: - #self.CMD=['omniNames -start ' , aPort , ' -logdir ' , upath , ' &'] - self.CMD = ['omniNames','-start' , aPort, '-logdir' , upath, '-errlog', upath+'/omniNameErrors.log'] - #os.system("omniNames -start " + aPort + " -logdir " + upath + " &") + # get ip address on default interface (for instance eth0) to limit listening on this interface (cyber security request) + from subprocess import check_output + ips = check_output(['hostname', '--all-ip-addresses']) + ipDefault = ips.split()[0].decode() + self.CMD = ['omniNames','-start' , aPort] + self.CMD += ['-logdir' , upath, '-errlog', upath+'/omniNameErrors.log'] + self.CMD += ['-ORBendPoint', 'giop:tcp:%s:%s'%(hname,aPort)] if verbose(): print("... ok") if verbose(): print("to list contexts and objects bound into the context with the specified name : showNS ") -- 2.39.2
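Review bot: `ipDefault` is computed in the new else branch but never used, because the `-ORBendPoint` argument is built from `hname` instead: `'giop:tcp:%s:%s'%(hname,aPort)`. `hname` is defined outside the hunk; if it is a host name, omniNames listens on whatever that name resolves to, which may be a loopback alias or a different interface from the one bin/ORBConfigFile.py writes into the config. If the interface address is intended, the line should read `self.CMD += ['-ORBendPoint', 'giop:tcp:%s:%s'%(ipDefault,aPort)]`; otherwise the unused `hostname` call should be dropped. Unlike the config file, no `giop:tcp:127.0.0.1:` endpoint is added here, and the Windows branch above is left listening without any endpoint restriction; both differences deserve a comment if they are intentional. The enclosing method starts outside this hunk.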